Assume the certificate is generated in the directory /data/crt. Once the steps below are complete, /data/crt/ will contain the following files:
private.key
server.crt
server.csr
server.key
1. Generate the private key
> openssl genrsa -des3 -out private.key 2048
2. Generate the certificate signing request
> openssl req -new -key private.key -out server.csr
3. Generate the server's private key, with the key passphrase removed
> openssl rsa -in private.key -out server.key
4. Sign the certificate request with the private key to produce the certificate issued to the server, in X.509 PEM format
> sudo openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
5. nginx configuration
server {
    listen 80;       # HTTP listener
    listen 443 ssl;  # HTTPS listener; the ssl flag enables TLS on this port only
    server_name www.test.com;
    index index.html index.htm index.php;
    # SSL configuration
    # ("ssl on;" is deprecated and would also force TLS on port 80, so it is replaced by "listen 443 ssl;")
    ssl_certificate /data/crt/server.crt;
    ssl_certificate_key /data/crt/server.key;
    location / {
        rewrite . /index.php last;
    }
    location = /index.php {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME /data/www/blog/index.php;
        fastcgi_param SCRIPT_NAME /data/www/blog/index.php;
    }
}
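
Before reloading nginx, it is worth checking the files produced in steps 1 to 4. The script below is an added example, not part of the original page: `check_pair` is a hypothetical helper name, and it confirms that server.key is unencrypted, readable only by its owner, matches the public key in server.crt, and that the certificate has not expired.

```shell
#!/bin/sh
# Added example (not from the original page). check_pair is a hypothetical helper.
# Usage: sh check_pair.sh /data/crt/server.key /data/crt/server.crt
# Return codes: 0 ok, 1 key still encrypted, 2 loose permissions,
#               3 key/certificate mismatch, 4 certificate expired.

check_pair() {
    key=$1
    crt=$2

    # Step 3 strips the passphrase so nginx can start unattended.
    # Both PEM encodings of a protected key contain the word ENCRYPTED.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: $key is still passphrase-protected" >&2
        return 1
    fi

    # An unencrypted key is protected only by file permissions.
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (use chmod 600)" >&2
        return 2
    fi

    # The certificate must carry the public half of this exact key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 3
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt was not issued for $key" >&2
        return 3
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired" >&2
        return 4
    fi

    echo "OK: $key and $crt are consistent"
    return 0
}

# Run the check when the script is given a key path and a certificate path.
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

After the script passes, `nginx -t` validates the configuration itself before a reload.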